From a06685a548b544e1a09c9d8f76c7c5ea7ce292a3 Mon Sep 17 00:00:00 2001
From: Urvashi Mohnani
Date: Mon, 29 Jan 2024 13:41:35 -0500
Subject: [PATCH] Farm build should read server registries.conf
Fix the way we set skipTLSVerify on the client side to ensure that the push stage in farm build takes into account the configuration in the farm node's registries.conf when the user hasn't set it on the client side.
Signed-off-by: Urvashi Mohnani
---
 cmd/podman/farm/build.go | 14 ++++++++++----
 pkg/domain/entities/types/types.go | 2 +-
 pkg/farm/list_builder.go | 16 +++++++++++-----
 test/farm/001-farm.bats | 29 ++++++++++++++++++++++++++++-
 test/farm/setup_suite.bash | 2 +-
 5 files changed, 51 insertions(+), 12 deletions(-)
diff --git a/cmd/podman/farm/build.go b/cmd/podman/farm/build.go
index a787f4bb17..3e396fce7c 100644
--- a/cmd/podman/farm/build.go
+++ b/cmd/podman/farm/build.go
@@ -109,11 +109,17 @@ func build(cmd *cobra.Command, args []string) error {
 return err
 }
 opts.IIDFile = iidFile
- tlsVerify, err := cmd.Flags().GetBool("tls-verify")
- if err != nil {
- return err
+ // only set tls-verify if it has been changed by the user
+ // if it hasn't we will read the registries.conf on the farm
+ // nodes for further configuration
+ if changed := cmd.Flags().Changed("tls-verify"); changed {
+ tlsVerify, err := cmd.Flags().GetBool("tls-verify")
+ if err != nil {
+ return err
+ }
+ skipTLSVerify := !tlsVerify
+ opts.SkipTLSVerify = &skipTLSVerify
 }
- opts.SkipTLSVerify = !tlsVerify
 localEngine := registry.ImageEngine()
 ctx := registry.Context()
diff --git a/pkg/domain/entities/types/types.go b/pkg/domain/entities/types/types.go
index a2f0cf11c5..6530402f30 100644
--- a/pkg/domain/entities/types/types.go
+++ b/pkg/domain/entities/types/types.go
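Review bot: In cmd/podman/farm/build.go the new guard `if changed := cmd.Flags().Changed("tls-verify"); changed {` binds a variable that is only read in that same condition; `if cmd.Flags().Changed("tls-verify") {` is equivalent and shorter. The comment above it would be clearer if it stated the resulting contract, for example `// opts.SkipTLSVerify stays nil unless --tls-verify was passed; nil defers to registries.conf`. That tells a reader that an unset flag no longer pins the TLS setting from the client side. build() starts and ends outside the hunk.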
@@ -56,7 +56,7 @@ type FarmBuildOptions struct {
 // Authfile is the path to the file holding registry credentials
 Authfile string
 // SkipTLSVerify skips tls verification when set to true
- SkipTLSVerify bool
+ SkipTLSVerify *bool
 }
 // BuildOptions describe the options for building container images.
diff --git a/pkg/farm/list_builder.go b/pkg/farm/list_builder.go
index 338c1606cd..a3d299410a 100644
--- a/pkg/farm/list_builder.go
+++ b/pkg/farm/list_builder.go
@@ -17,7 +17,7 @@ type listBuilderOptions struct {
 cleanup bool
 iidFile string
 authfile string
- skipTLSVerify bool
+ skipTLSVerify *bool
 }
 type listLocal struct {
@@ -39,13 +39,19 @@ func newManifestListBuilder(listName string, localEngine entities.ImageEngine, o
 // Build retrieves images from the build reports and assembles them into a
 // manifest list in local container storage.
 func (l *listLocal) build(ctx context.Context, images map[entities.BuildReport]entities.ImageEngine) (string, error) {
+ // Set skipTLSVerify based on whether it was changed by the caller
+ skipTLSVerify := types.OptionalBoolUndefined
+ if l.options.skipTLSVerify != nil {
+ skipTLSVerify = types.NewOptionalBool(*l.options.skipTLSVerify)
+ }
+
 exists, err := l.localEngine.ManifestExists(ctx, l.listName)
 if err != nil {
 return "", err
 }
 // Create list if it doesn't exist
 if !exists.Value {
- _, err = l.localEngine.ManifestCreate(ctx, l.listName, []string{}, entities.ManifestCreateOptions{SkipTLSVerify: types.NewOptionalBool(l.options.skipTLSVerify)})
+ _, err = l.localEngine.ManifestCreate(ctx, l.listName, []string{}, entities.ManifestCreateOptions{SkipTLSVerify: skipTLSVerify})
 if err != nil {
 return "", fmt.Errorf("creating manifest list %q: %w", l.listName, err)
 }
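Review bot: The doc comment on `SkipTLSVerify` in pkg/domain/entities/types/types.go still describes a plain boolean, but the field is now `*bool` and nil carries its own meaning. Suggest `// SkipTLSVerify, when non-nil, sets TLS verification explicitly (true skips it); nil leaves the decision to registries.conf.` The unexported `skipTLSVerify` field of listBuilderOptions in pkg/farm/list_builder.go (hunk at -17) has the same three states and no comment at all. Because the field is exported, any other code that assigns a bool to it will stop compiling; none is visible in this patch, so it is worth a search before merging.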
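Review bot: In listLocal.build (pkg/farm/list_builder.go, hunk at -39) the single `skipTLSVerify` value goes to the local engine's ManifestCreate here, to ManifestAdd and ManifestPush in the later hunk, and to the per-node `engine.Push`. When the option is nil, each call presumably falls back to whichever registries.conf its own engine reads, not only the farm node's as the commit message describes. The comment should say so, e.g. `// nil means the caller did not set it: pass OptionalBoolUndefined so each engine applies its own registries.conf`. A `logrus.Debugf` at this point recording whether the value was set explicitly or left to configuration would help when auditing why a push went out without verification. The function body continues outside the hunk.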
@@ -63,7 +69,7 @@ func (l *listLocal) build(ctx context.Context, images map[entities.BuildReport]e
 logrus.Infof("pushing image %s", image.ID)
 defer logrus.Infof("pushed image %s", image.ID)
 // Push the image to the registry
- report, err := engine.Push(ctx, image.ID, l.listName+docker.UnknownDigestSuffix, entities.ImagePushOptions{Authfile: l.options.authfile, Quiet: false, SkipTLSVerify: types.NewOptionalBool(l.options.skipTLSVerify)})
+ report, err := engine.Push(ctx, image.ID, l.listName+docker.UnknownDigestSuffix, entities.ImagePushOptions{Authfile: l.options.authfile, Quiet: false, SkipTLSVerify: skipTLSVerify})
 if err != nil {
 return fmt.Errorf("pushing image %q to registry: %w", image, err)
 }
@@ -111,11 +117,11 @@ func (l *listLocal) build(ctx context.Context, images map[entities.BuildReport]e
 }
 // Add the images to the list
- listID, err := l.localEngine.ManifestAdd(ctx, l.listName, refs, entities.ManifestAddOptions{Authfile: l.options.authfile, SkipTLSVerify: types.NewOptionalBool(l.options.skipTLSVerify)})
+ listID, err := l.localEngine.ManifestAdd(ctx, l.listName, refs, entities.ManifestAddOptions{Authfile: l.options.authfile, SkipTLSVerify: skipTLSVerify})
 if err != nil {
 return "", fmt.Errorf("adding images %q to list: %w", refs, err)
 }
- _, err = l.localEngine.ManifestPush(ctx, l.listName, l.listName, entities.ImagePushOptions{Authfile: l.options.authfile, SkipTLSVerify: types.NewOptionalBool(l.options.skipTLSVerify)})
+ _, err = l.localEngine.ManifestPush(ctx, l.listName, l.listName, entities.ImagePushOptions{Authfile: l.options.authfile, SkipTLSVerify: skipTLSVerify})
 if err != nil {
 return "", err
 }
diff --git a/test/farm/001-farm.bats b/test/farm/001-farm.bats
index 5eac972ab8..e9d987b9bb 100644
--- a/test/farm/001-farm.bats
+++ b/test/farm/001-farm.bats
@@ -85,10 +85,37 @@ load helpers.bash
 run_podman image prune -f
 }
+@test "farm - build on farm node only with registries.conf" {
+ cat >$PODMAN_TMPDIR/registries.conf <
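Review bot: In the list_builder.go hunk at -63, `defer logrus.Infof("pushed image %s", image.ID)` runs on every return, so a failed `engine.Push` still logs "pushed image" just before the error is returned. That makes the log unreliable for establishing which images actually reached the registry. Drop the `defer` and place `logrus.Infof("pushed image %s", image.ID)` after the `if err != nil` check. The line is context, not part of this change, and the enclosing function starts and ends outside the hunk.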
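Review bot: In the list_builder.go hunk at -111, the `ManifestPush` error is returned bare (`return "", err`) while the `ManifestAdd` failure just above it is wrapped with context. Now that TLS behaviour can come from registries.conf, a certificate or verification failure at this step is harder to attribute to the manifest list push. Suggest `return "", fmt.Errorf("pushing manifest list %q: %w", l.listName, err)`. build() continues outside the hunk.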